In December, the Linux Foundation released a report on its 2020 FOSS Contributor Survey. The most important and discussed takeaway was weakness in security (Need to Increase Security). At the core of that finding is that section's very first paragraph, which starts as follows.
These figures are obviously eyebrow-raising. The flagrant error in the figure number right after, in that same paragraph, surely doesn't help trust, so I checked. Unfortunately, the report gives no explanation at all about how these figures were computed. And I couldn't reproduce these figures by interpreting the survey data.
But my third surprise would be even greater. I checked what others were saying about the topic - and found nothing. Not because no one questioned or challenged it, but because the Linux Foundation provides no means at all to report an issue in that report.
That is right. The report indicates it was updated to fix errors, but suggests no way to report remaining errors. And that's just the tip of the iceberg; the Linux Foundation, in general, does not offer any system to track its issues. Nor does it even offer any forum to discuss such matters. Its tens of mailing lists are all project-specific. That, from an organization which suggests greater transparency, no further than in that very report… if FOSS is short on security, it sure isn't on irony!
The ultimate surprise would take a little longer. Having no other option, I questioned the foundation in the only possible way, via its contact form:
The form didn't even send me a copy of my message. But it said I would get a reply within 2 business days.
I have been waiting for 3 business weeks.
I will of course update this as soon as the Linux Foundation replies. But until the foundation is built on stronger foundations, none of its publications should be taken at face value.